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DETAILED ACTION 

1 . Claims 1 -7, 14-21, 23, 25-28 & 30-32 are pending. 

Response to Amendment 

2. In response to the Amendment filed 4-28-09, the Objection to claim 9 is 
withdrawn. 

Response to Arguments 

3. Applicant's arguments filed 4-28-09 have been fully considered but they are not 
persuasive. Regarding Applicant's argument that Wettstein does not disclose the user's 
service indicator is opaque outside the Identity Generator. Wettstein discloses that all 
identities, including user service indicators, are opaque (See page 3, paragraph 34, 
lines 1-4; wherein a service based user identity is the user's service indicator). 
Wettstein further discloses that the opaque values are to shroud the true values from 
the public (See page 4, par. 49, lines 1-5). 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
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only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

1. Claims 1-7, 14-21, 23, 25-28 & 30-32 are rejected under 35 U.S.C. 102(e) as 
being anticipated by U.S. Patent Application Publication No. 2003/0093681 to Wettstein. 

2. Regarding claim 1 , Wettstein teaches an Identity Generator device arranged for 
generating a user's service indicator for a user to access a number of services offered 
by a service provider through a network operator where user data for the user are 
accessible in a user directory system, this user's service indicator being usable between 
the service provider domain and the network operator domain to unambiguously identify 
the user at each respective domain (See page 3, paragraph 34, lines 1-3, and par. 35, 
lines 1-6), the Identity Generator device comprising: means for obtaining a master 
user's identifier (380) usable to identify the user at the operator's network (See p. 4, par. 
44, lines 2-4); means for obtaining a service identifier (400), indicative of services to be 
accessed at the service provider (See p. 4, par. 46); and means for constructing a 
user's service indicator (540) that includes the master user's identifier and the service 
identifier (See p. 4, par. 44, lines 2-4, and par. 46); wherein the user's service indicator 
is opaque outside the Identity Generator device (See par. 34, lines 1-4, and par. 49, 
lines 1-5), which further comprises: a Decomposer component having means for 
carrying out a reverse generation to obtain a master user's identifier from a given user's 
service indicator (See par. 61, lines 7-12; wherein the service authorization identity is 
the user's identifier); and means for verifying the validity of the given user's service 
indicator by making use of the master user's identifier as a search key towards the user 
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directory system (See par. 27, lines 1-6; wherein the identity repository is the user 
directory system). 

3. Regarding claim 2, Wettstein teaches the service identifier indicative of services 
to be accessed at the service provider, comprises at least one element selected from: a 
service provider indicator, and a number of service indicators (See par. 35, lines 1-6; 
wherein the number of service indicators is unlimited). 

4. Regarding claim 3, Wettstein teaches a means for obtaining at least one element 
selected from: network operator identifier, auxiliary value, expiry time, and integrity code 
(See par. 48, lines 4-10 and 22-25); and means for including the at least one element 
into the user's service indicator (See par. 28, lines 1-4). 

5. Regarding claim 4, Wettstein teaches the master user's identifier is built up as a 
function of a real user identity (See par. 37, lines 5-11). 

6. Regarding claim 5, Wettstein teaches a means for carrying out a symmetric 
cipher of the user's service indicator using a ciphering key (See par. 48, lines 12-16; 
wherein authentication key 460 is the ciphering key). 

7. Regarding claim 6, Wettstein teaches the ciphering key is unique for all the 
applicable service providers (See par. 45, lines 1-4; wherein each key 460 is unique). 

8. Regarding claim 7, Wettstein teaches the ciphering key is different for each 
service provider (See par. 45, lines 1-4; wherein each unique key is different). 

9. Regarding claim 14, Wettstein teaches a method for generating at an Identity 
Generator device of a network operator a user's service indicator intended for a user to 
access a number of services offered by a service provider through a network operator 
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where user data for the user are accessible in a directory system (See par.'s 26 & 27), 
this user's service indicator being usable between the service provider domain and the 
network operator domain to unambiguously identify the user at each respective domain 
(See page 3, paragraph 34, lines 1-3), the method comprising the steps of: obtaining a 
master user's identifier usable to identify the user at the operator's network (See par. 
35, lines 1-6); obtaining a service identifier, indicative of services to be accessed at the 
service provider (See p.4, par. 44, lines 2-4); and constructing a user's service indicator 
that includes the master user's identifier and the service identifier (See par. 46); and 
wherein the constructed user's service indicator is opaque outside the Identity 
Generator device (See par. 34, lines 1-4, and par. 49, lines 1-5), the method further 
comprising: carrying out a reverse generation to obtain a master user's identifier from 
the given user's service indicator (See par. 61 , lines 7-12; wherein the service 
authorization identity is the user's identifier); and verifying the validity of the given user's 
service indicator by making use of the master user's identifier as a search key towards 
the user directory system (See par. 27, lines 1-6; wherein the identity repository is the 
user directory system). 

1 0. Regarding claim 1 5, this claim recites a method for operating the device of claim 

2, and is rejected for the same reasons. 

1 1 . Regarding claim 1 6, this claim recites a method for operating the device of claim 

3, and is rejected for the same reasons. 

12. Regarding claim 17, Wettstein teaches applying a function to a real user identity 
(See par. 41). 
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1 3. Regarding claim 1 8, this claim recites a method for operating the device of claim 

5, and is rejected for the same reasons. 

14. Regarding claim 1 9, this claim recites a method for operating the device of claim 

6, and is rejected for the same reasons. 

1 5. Regarding claim 20, this claim recites a method for operating the device of claim 

7, and is rejected for the same reasons. 

16. Regarding claim 21 , Wettstein teaches determining a service provider issuing a 
communication based on a given user's service indicator (See par. 35, lines 6-9; 
wherein there is only one service provider associated with the service indicator). 

17. Regarding claim 23, Wettstein teaches the Identity Generator device is integrated 
in, or in close cooperation with, an entity of an identity provider network where the user 
data is accessible (See p. 4, par. 44, lines 2-4, and par. 46). 

18. Regarding claim 25, Wettstein teaches the entity is a Central Provisioning Entity 
responsible for provisioning tasks in the operator's network (See par. 48, lines 4-10; 
wherein the server is the central provisioning entity). 

19. Regarding claim 26, Wettstein teaches the entity is a User Directory System 
storing user data (See par. 48, lines 4-10; wherein the server is the user directory 
system). 

20. Regarding claim 27, Wettstein teaches the entity is a Border Gateway placed at 
the border of the operator domain (See par. 48, lines 4-10; wherein the server is the 
border gateway). 
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21 . Regarding claim 28, Wettstein teaches the Border Gateway is an entity selected 
from: an HTTP Proxy, a WAP Gateway, and a Messaging Gateway (See par. 48, lines 
4-10; wherein the server is an HTTP proxy). 

22. Regarding claim 30, Wettstein teaches the means for carrying out a reverse 
generation in the Decomposer component comprises means for obtaining the service 
identifier used to generate the given user's service indicator (See par. 62, lines 1-6; 
wherein the server authorization identity is the service identifier). 

23. Regarding claim 31 , Wettstein teaches the means for carrying out a reverse 
generation in the Decomposer component further comprises means for obtaining at 
least one element selected from: network operator identifier, and ciphering key used to 
generate the given user's service indicator (See par. 62, lines 6-14; wherein server 
authorization identity is network operator identifier). 

24. Regarding claim 32, Wettstein teaches the means for carrying out a reverse 
generation in the Decomposer component further comprises: means for obtaining 
applicable expiry time criteria; and means for verifying the validity of a given temporary 
user's service indicator against said expiry time criteria (See par. 14, lines 6-1 1 ; wherein 
time-based authorization process includes verifying a temporary indicator against a time 
criteria). 

Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .136(a). 
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A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jeffrey Seto whose telephone number is (571)270-7198. 
The examiner can normally be reached on Monday thru Thursday and alt. Fridays, 9:30 
AM-7 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Joseph E. Avellino can be reached on (571) 272-3905. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



JKS 

8/3/2009 

/Joseph E. Avellino/ 

Supervisory Patent Examiner, Art Unit 2458 



